c) Security Flashcards
safeguarding files and records
- data can be protected through the use of internal and external labels and file protection rings
- ALL critical application data should be backed up and stored in a secure off-site location
Son-Father-Grandfather concept
- What's the version of the data
- The most recent file is the son, the second most recent file is the father, and the preceding file is the grandfather
- Process includes reading the previous file, recording (adding) transactions being processed and creating a new updated master file.
- There are always at least two backup files that can be used to recreate the destroyed file
Backups of systems that can be shut down
files or databases that have changed since the last backup (or just all data) can be backed up using the son, father, grandfather concept
Backups of systems that do not shut down
files or databases that have changed since the last backup (or just all data) can be backed up using the son, father, grandfather concept
mirroring
use of a backup computer to duplicate all of the processes and transactions on the primary computer; can be expensive
Uninterrupted Power supply
device that maintains a continuous supply of electrical power to connected equipment. A UPS is also called a battery backup. The battery will eventually run out
program modification controls
include both controls designed to prevent changes by unauthorized personnel and controls that track program changes so that there is a record of what versions of what programs are running in production at any specific point in time
data encryption
- essential foundation for electronic commerce
- uses a password or digital key to scramble a readable (plaintext) message into an unreadable (ciphertext) message.
- the intended recipient then uses another digital key to decrypt or decipher the message back into plaintext.
- the longer the key, the less likely the message is to be decrypted
brute force attack
attacker simply tries every possible key until the right one is found
digital certificates
electronic docs created and digitally signed by a trusted party which certifies the identity of owners of a particular public key
PKI
Public key infrastructure
- the system and processes used to issue and manage asymmetric keys and digital certificates.
- the organization that issues public and private keys and records the public key in the digital certificate is called a certificate authority (e.g., VeriSign)
Digital signatures
Use asymmetric encryption to create legally binding electronic documents
Esignature
an alternative to digital signatures, provided by vendors as a software product. E-signatures are legally binding, as if the user had really signed the paper copy of the document.
Managing passwords
The first rule in password policy is that every account must have a password
Password length
general rule: minimum of 7 or 8 characters for password length